User Screen

Data is captured on these tabs of the Edit User screen: Overview, Security Roles, Operational Roles, Custom Permissions, Attributes, User Options and Authentications. Below is a list of descriptions for the fields on these tabs.

Overview

The Overview tab contains these sections: Header, Regional Settings, Notes and Modification.

Header

  • Code: A unique code that identifies the user when he/she logs into the system.
  • Full Name: A unique full name that identifies the user, which includes the user's first name and last name, for example: Tom Smith.
  • Is Administrator: If set to true, the user will have permissions to the entire system. As a result, the Security Roles and Custom Permissions tabs will not be displayed. If set to false, the administrator must allocate permissions for what the user can and cannot do in On Key. This is enabled or disabled by clicking Make Administrator or Clear Administrator in the On Key Assist.
  • Primary Email: The user's primary email address.
  • Site: The default site for this user. This is a physical site that the user is associated with.
  • Associated Staff Member: The staff member associated with the user.
  • Operational Role Rule: This governs what profiles a user has access to. The following options are available:
    • Strict, in which case the user will only be able to see profiles linked to their operational role. A "Strict" user cannot create profiles and will not have access to system profiles, other operational role profiles, public profiles (that are not linked to the user's operational roles) or other users' personal profiles. "Strict" users are not allowed to change the defaults that are assigned to them.
    • Limited, in which case the user will only be restricted for certain screens. If there's a profile assigned for a screen, then only those profiles can be used for that specific screen. On other screens, the user will have access similar to the "Open" rules for system profiles, all public profiles and all operational role profiles. The user can have the permission to create their own profiles or not but will only be able to create profiles for non-restricted screens.
    • Open, in which case the user will have no restrictions and be able to see all groupings.
  • Permission Tree: A unique code, linked to a permission record in a permission tree, that determines whether a user has rights to access records and/or make changes to records. This is assigned by the system, where possible.
  • Is Active: Ticked if the user is active and available in a lookup list.

Regional Settings

  • Content Translate: Indicates whether translations should be enabled, i.e. whether the Content Translations toggle should be switched on. This toggle switch is used to apply content translations globally and is accessed by clicking . This will first default to the user setting, then to the user's site setting, then to the System Options setting.
  • Date Separator: Define how the values in dates will be separated in On Key. For example, the values can be separated by a slash (/) or a dot (.). This will first default to the user setting, then to the user's site setting, then to the System Options setting and is a required field on the System Options only. This format will applied throughout the system, excluding the Change Log. The options for date separators are:
    • None
    • Slash
    • Dot.
  • Date Format: Define the format in which dates will be displayed in On Key. This will first default to the user setting, then to the user's site setting, then to the System Options setting and is a required field on the System Options only. This format will be applied throughout the system, excluding the Change Log. The following date formats are available:
    • None
    • YYYYMMDD
    • YYYYDDMM
    • DDMMYYYY
    • MMDDYYYY.
  • Time Format: Define the format in which time will be displayed in On Key. This will first default to the user setting, then to the user's site setting, then to the System Options setting and is a required field on the System Options only. This format will be applied throughout the system, excluding the Change Log. The following time formats are available:
    • None
    • Clock24h
    • Clock12h.
  • Default Language: This is the language in which On Key will be displayed when the user logs in. The default language can be set on Users, Sites and System Options, but is only a required field on the System Options. If a default language is set on the user, it takes priority and is applied. If not, the system will check whether the site that's associated with the user has a default language set and apply that. If the default language is neither specified on the user nor the user's site, then the default language that's set in the System Options is applied. The default language being applied is illustrated with in the user's account information, which is accessed by clicking then Language.

Notes

  • Notes: Add additional details, comments or other relevant information.

Modification

Displays details of when the record was created and last updated. This section is autopopulated and requires no user input.

User Security Roles

User security roles are the security roles that are assigned to a specific user. User security roles govern which system functions the user has access rights to and what the user can and cannot do in On Key.

If the user is not an administrator, i.e. Is Administrator is disabled, then security roles must be assigned to the user. Furthermore, if the allocated security role is a permission tree role, i.e. Is Permission Tree Role is enabled, then the specific permission tree that applies must be defined. You can also specify whether or not to apply down the permission tree from that point on, using the Apply Down Permission Tree toggle switch. This indicates that the permissions will apply to records with that permission tree and down (optional).

The user inherits permissions from each security role that is assigned to the user. Additionally, user-specific permissions are configured directly on the user as custom permissions. If any changes have been made to the permissions on the user, these changes will reflect on clicking Assist - Calculate Permissions in the sidebar. Refer to Calculate Permissions for Users for more information.

The following information displays when security roles are linked to a user:

  • Security Role Code: A unique code that identifies the security role.
  • Security Role Description: A description of the security role.
  • Valid From: This, together with the Valid To value, is used to set temporary validity or an expiry date for permissions. For example, a validity period can be set for a seasonal artisan that only needs to perform work during a certain period. Specify the date and time from which the permissions on the user security role is valid. If no Valid From and Valid To values are defined, then the user security role is still active.
  • Valid To: The date and time that the validity of the user security role is reached. When the user security role is outside of validity, the associated permissions will fall away. If no Valid From and Valid To values are defined, then the user security role is still active.

Refer to Security Roles for more information.

User Operational Roles

User operational roles are the operational roles that are assigned to a specific user. User operational roles govern what profiles the user will default to, what profiles the user can use and what the user can see in On Key.

A user can have multiple operational roles but only one of these can be identified as the default operational role at a time. The user inherits profiles and data resources from each operational role that is linked.

The following information displays when operational roles are linked to a user:

  • Operational Role Code: A unique code that identifies the operational role.
  • Operational Role Description: A description of the operational role.
  • User Description: The user's full name.
  • Is Default: Indicates whether this is the default operational role for the user. Only one default operational role is allowed per user.
  • Is Active: Indicates whether the operational role is active and available in a lookup list.

Refer to Operational Roles for more information.

User Custom Permissions

Custom permissions are additional permissions that are assigned to users in special cases. Custom permissions are configured directly on the user, since they relate to the specific user. They are not applicable to the security role and are therefore not linked to the security role.

Custom permissions are used when the configuration of a specialised security role that is only assigned to a few users is not justified.

The following information displays when custom permissions are linked to a user:

  • Category: Represents a main menu option in the main menu tree, for example: Work Management or Resource Management.
  • Sub Category: Represents a sub-menu option, for example: Task Configuration.
  • Permission: The action that can be initiated by a user, for example: Edit or Lookup.
  • Entity Name: An item in On Key that is associated with a menu option, for example: Asset or Stock Item.

User Attributes

Attributes are used to describe the specific features, properties or characteristics of an item in On Key.

Attributes can be linked to items in the system to define their specific features and characteristics. A linked attribute can be inherited. When items are synced the linked attribute will be inherited, also as a linked attribute. So, if linked to an asset type, for example, then the asset will inherit the linked attribute.

These fields are required when linking an attribute to a user:

  • Permission Tree Code: A unique code, linked to a permission record in a permission tree, that determines whether a user has rights to access records and/or make changes to records. This is assigned by the system, where possible.
  • Attribute Code: A name that identifies the attribute, for example: EMERGENCY.

Once linked, the attribute and its associated details are listed in the grid on the user's Attributes tab. The linked attribute also displays in a consolidated list of linked attributes, on the User Attribute Dashboard.

Refer to Attributes for more information.

User Options

User options enable you to configure global settings that apply to various functions in On Key.

When any of the user options fields are inserted and the user creates a work order, the corresponding fields on a work order will be autopopulated with the logged in user's default values. The same applies when the user manually creates a follow-up work order. So, the user does not have to enter values on certain work order fields if their defaults have been configured in the user options.

The fields on the user options are defaults for work orders, except for the fields in the Asset Tree and Reports sections. For more information on the defaults for work orders, refer to Work Order Defaults.

Below is a list of descriptions for the fields on the User Options tab. All fields are optional and can be set per user, as needed.

Work Order Planning

  • Type Of Work Code: The default type of work that is displayed when this user captures a work order.
  • Importance Code: The default work order importance that is displayed when this user captures a work order.
  • Responsible Section Code: The default section that is displayed when this user captures a work order.
  • Responsible Trade Code: The default trade that is displayed when this user captures a work order.
  • Responsible Staff Code: The default staff member who is responsible for a work order captured by this user.

Work Order Classification

  • Work Order Classifications 1 - 5: The default work order classifications and their allowed values that are displayed when this user captures a work order.

Work Order Status

  • Apply Work Order Status Rules: Indicates whether the work order status change rules apply to the user. If set to true, the user has to follow set work order rules when changing the work order status. So, the user can only change the work order status to specific statuses. If set to false, the user can change the work order status to any status.

Work Management Cost Elements

  • Stock Items Cost Element Code: The cost element for stock items that is displayed when this user captures a work order.
  • Contractors Cost Element Code: The cost element for contractor services that is displayed when this user captures a work order.
  • Direct Purchases Cost Element Code: The cost element for direct purchases that is displayed when this user captures a work order.
  • Work Order Task Resource Cost Element Code: The cost element for resources that is displayed when this user captures a work order.

Task Planning

  • Type Of Work Code: The default type of work for an asset task that is added by this user.
  • Importance Code: The default importance for a task that is added by this user.
  • Responsible Section Code: The default section for a task that is added by this user.
  • Responsible Trade Code: The default trade for a task that is added by this user.
  • Responsible Staff Code: The default staff member for a task that is added by this user.

Task Classifications

  • Task Classifications 1 - 8: The default for each task classification when an asset task is added by this user.

Asset Tree

  • Root Asset Code: This asset is the highest node that appears in the asset tree and only it and its child items can be accessed by this user. If the user's root asset differs from the default root asset specified for the site, then the user's root asset takes preference. If not specified, the user will see all items in the asset tree.

Reports

  • Is Report User: If ticked, this indicates that this user is a report user. If not ticked, then this user is not a report user.
  • Report User ID: Once the record is saved (with Is Report User enabled and the Report User Roles allocated), then the user is created in Wyn's reports portal and the Report User ID will be returned. This field is autopopulated and read-only.
  • Report User Name: Once the record is saved (with Is Report User enabled and the Report User Roles allocated), then the user is created in Wyn's reports portal and the Report User Name will be returned. This field is autopopulated and read-only.
  • Report User Roles: Allocate Wyn report roles to the user, to determine what the user can and cannot do in Wyn. The roles must be created and exist in Wyn first before they can be allocated in On Key. The Report User Roles are entered manually, as a comma-separated list. If the user is a report user, then they must have at least one role assigned.
  • Report Server UI Language: This is a language and region setting, which enables you to configure the language, and how the date and number formats are displayed on Wyn's user interface. This will first default to the user setting, then to the user's site setting, then to the System Options setting.
  • Report Server Report Language: This is a language and region setting, which enables you to configure the language, and how the date and number formats are displayed in the report in Wyn. This will first default to the user setting, then to the user's site setting, then to the System Options setting.

Refer to Wyn Reporting and Language and Regional Settings for Reporting for more information.

Notes

  • Notes: Add additional details, comments or other relevant information.

User Authentications

This is the process On Key uses to verify the identity of its users.

When a user is created in On Key, the Authentications tab will contain no entries. An invite must be sent to onboard the user. On following the link in the invitation e-mail, the user selects the authentication provider that their organisation makes use of from the options displayed. Once the user is authenticated and logged into On Key, the Authentications tab on the user is autopopulated with the authentication provider. For more information on this process, refer to Onboarding and Authentication.

The system uses the user's Primary Email to find the associated Provider Subject key from the authentication provider registry. The Provider Subject is a unique identifier for the user that is associated with the Provider Type. It uses this to authenticate the user.

You can also manually link authentication providers to a user. The Provider Subject, which is obtained from your organisation's IT department, is required when manually linking an authentication provider. A user can have multiple provider types allocated, in which case the relevant authentication provider is selected at login.

The following information displays when authentication providers are linked to a user:

  • Provider Type: The authentication provider type, such as Azure or Ping, for example.
  • Provider Name: The name of the authentication provider.
  • Provider Key: A unique identifier for the Provider Type.